Security News
OpenJS: “XZ Utils Cyberattack Likely Not an Isolated Incident”
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.
verdaccio-ldap
Advanced tools
Weekly downloads
Readme
verdaccio-ldap
is a fork of sinopia-ldap
. It aims to keep backwards compatibility with sinopia
, while keeping up with npm changes.
$ npm install verdaccio
$ npm install verdaccio-ldap
A detailed example of the verdaccio-ldap plugin + OpenLDAP server packed in Docker for v3 is available here and for v4 here.
Read a guide how to migrate from Verdaccio v3 to v4 using LDAP plugin.
Add to your config.yaml
:
auth:
ldap:
type: ldap
# Only required if you are fetching groups that do not have a "cn" property. defaults to "cn"
groupNameAttribute: "ou"
# Optional, default false.
cache:
# max credentials to cache (default to 100 if cache is enabled)
size: 100
# cache expiration in seconds (default to 300 if cache is enabled)
expire: 300
client_options:
url: "ldap://ldap.example.com"
# Only required if you need auth to bind
adminDn: "cn=admin,dc=example,dc=com"
adminPassword: "admin"
# Search base for users
searchBase: "ou=People,dc=example,dc=com"
searchFilter: "(uid={{username}})"
# If you are using groups, this is also needed
groupDnProperty: 'cn'
groupSearchBase: 'ou=groups,dc=myorg,dc=com'
# If you have memberOf support on your ldap
searchAttributes: ['*', 'memberOf']
# Else, if you don't (use one or the other):
# groupSearchFilter: '(memberUid={{dn}})'
# Optional
reconnect: true
If you run this plugin in k8s, you may want to set password by env with secretRef.
You can use LDAP_ADMIN_PASS
to set ldap admin password, it will override the one in config.yaml
.
It's called as:
require('verdaccio-ldap')(config, stuff)
Where:
This should export two functions:
adduser(user, password, cb)
It should respond with:
cb(err)
in case of an error (error will be returned to user)cb(null, false)
in case registration is disabled (next auth plugin will be executed)cb(null, true)
in case user registered successfullyIt's useful to set err.status
property to set http status code (e.g. err.status = 403
).
authenticate(user, password, cb)
It should respond with:
cb(err)
in case of a fatal error (error will be returned to user, keep those rare)cb(null, false)
in case user not authenticated (next auth plugin will be executed)cb(null, [groups])
in case user is authenticatedGroups is an array of all users/usergroups this user has access to. You should probably include username itself here.
FAQs
LDAP auth plugin for verdaccio
The npm package verdaccio-ldap receives a total of 37 weekly downloads. As such, verdaccio-ldap popularity was classified as not popular.
We found that verdaccio-ldap demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.
Company News
Come meet the Socket team at BSidesSF and RSA! We're sponsoring several fun networking events and we would love to see you there.
Security News
OSI is starting a conversation aimed at removing the excuse of the SaaS loophole for companies navigating licensing and the complexities of doing business with open source.